EC0-350 Exam Details

  • Exam Code
    :EC0-350
  • Exam Name
    :Ethical Hacking And Countermeasures (CEH)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :878 Q&As
  • Last Updated
    :Jul 07, 2026

EC-COUNCIL EC0-350 Online Questions & Answers

  • Question 131:

    Which element of Public Key Infrastructure (PKI) verifies the applicant?

    A. Certificate authority
    B. Validation authority
    C. Registration authority
    D. Verification authority

  • Question 132:

    The SYN flood attack sends TCP connections requests faster than a machine can process them.

    Attacker creates a random source address for each packet SYN flag set in each packet is a request to open a new connection to the server from the spoofed IP address Victim responds to spoofed IP address, then waits for confirmation that never arrives (timeout wait is about 3 minutes) Victim's connection table fills up waiting for replies and ignores new connections Legitimate users are ignored and will not be able to access the server

    How do you protect your network against SYN Flood attacks?

    A. SYN cookies. Instead of allocating a record, send a SYN-ACK with a carefully constructed sequence number generated as a hash of the clients IP address, port number, and other information. When the client responds with a normal ACK, that special sequence number will be included, which the server then verifies. Thus, the server first allocates memory on the third packet of the handshake, not the first.
    B. RST cookies - The server sends a wrong SYN/ACK back to the client. The client should then generate a RST packet telling the server that something is wrong. At this point, the server knows the client is valid and will now accept incoming connections from that client normally
    C. Check the incoming packet's IP address with the SPAM database on the Internet and enable the filter using ACLs at the Firewall
    D. Stack Tweaking. TCP stacks can be tweaked in order to reduce the effect of SYN floods. Reduce the timeout before a stack frees up the memory allocated for a connection
    E. Micro Blocks. Instead of allocating a complete connection, simply allocate a micro record of 16-bytes for the incoming SYN object

  • Question 133:

    Which of the following is NOT true of cryptography?

    A. Science of protecting information by encoding it into an unreadable format
    B. Method of storing and transmitting data in a form that only those it is intended for can read and process
    C. Most (if not all) algorithms can be broken by both technical and non-technical means
    D. An effective way of protecting sensitive information in storage but not in transit

  • Question 134:

    What is the main disadvantage of the scripting languages as opposed to compiled programming languages?

    A. Scripting languages are hard to learn.
    B. Scripting languages are not object-oriented.
    C. Scripting languages cannot be used to create graphical user interfaces.
    D. Scripting languages are slower because they require an interpreter to run the code.

  • Question 135:

    A person approaches a network administrator and wants advice on how to send encrypted email from home. The end user does not want to have to pay for any license fees or manage server services. Which of the following is the most secure encryption protocol that the network administrator should recommend?

    A. IP Security (IPSEC)
    B. Multipurpose Internet Mail Extensions (MIME)
    C. Pretty Good Privacy (PGP)
    D. Hyper Text Transfer Protocol with Secure Socket Layer (HTTPS)

  • Question 136:

    What will the following command produce on a website's login page if executed successfully? SELECT email, passwd, login_id, full_name FROM members WHERE email = '[email protected]'; DROP TABLE members; --'

    A. This code will insert the [email protected] email address into the members table.
    B. This command will delete the entire members table.
    C. It retrieves the password for the first user in the members table.
    D. This command will not produce anything since the syntax is incorrect.

  • Question 137:

    This is an attack that takes advantage of a web site vulnerability in which the site displays content that includes un-sanitized user-provided data. See foobar What is this attack?

    A. Cross-site-scripting attack
    B. SQL Injection
    C. URL Traversal attack
    D. Buffer Overflow attack

  • Question 138:

    There is some dispute between two network administrators at your company. Your boss asks you to come and meet with the administrators to set the record straight. Which of these are true about PKI and encryption?

    Select the best answers.

    A. PKI provides data with encryption, compression, and restorability.
    B. Public-key encryption was invented in 1976 by Whitfield Diffie and Martin Hellman.
    C. When it comes to eCommerce, as long as you have authenticity, and authenticity, you do not need encryption.
    D. RSA is a type of encryption.

  • Question 139:

    Attackers footprint target Websites using Google Hacking techniques. Google hacking is a term that refers to the art of creating complex search engine queries. It detects websites that are vulnerable to numerous exploits and vulnerabilities. Google operators are used to locate specific strings of text within the search results.

    The configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database. WordPress uses config.php that stores the database Username and Password.

    Which of the below Google search string brings up sites with "config.php" files?

    A. Search:index config/php
    B. Wordpress:index config.php
    C. intitle:index.of config.php
    D. Config.php:index list

  • Question 140:

    What is the default Password Hash Algorithm used by NTLMv2?

    A. MD4
    B. DES
    C. SHA-1
    D. MD5

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your EC0-350 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.